Systems and methods for sharing of resources

ABSTRACT

A method for allocating access to a shared limited resource among a plurality of users who require access to the resource, the allocation being made such that each user is granted access to the resource at a minimum guaranteed rate associated with each user and such that the resource is available for use by any user exceeding its minimum guaranteed rate only if the resource is available, the method comprising the steps of: assigning tokens to each user at a rate determined by the minimum guaranteed rate associated with each user; storing tokens assigned to each user in a bank associated with each user, each bank having a finite capacity associated with each user; storing tokens assigned to a user whose associated bank has reached its capacity in a bank assigned to another user whose bank is below its capacity; and allowing a user requesting access to the resource to have access to the resource if the user has a predetermined number of tokens in its associated bank and otherwise denying access to the resource.

FIELD OF THE INVENTION

This invention relates to systems and methods for sharing limited resources among a number of users and/or classes of users.

BACKGROUND OF THE INVENTION

Resources are often shared by a number of users. For example, telecommunication service providers have a certain limited number of resources that are critical to serve their customers' requests. A fair and efficient system for allocating the resources is desirable to prevent heavy users from degrading the performance of the system while allowing unused resources to be fully utilized.

The issue of guaranteeing a fair share of resources in a shared resource setting pervades our current business environment. It is widely recognized that sharing can in principle lead to economies of scale, and that non-simultaneity of demand (e.g., business vs. residential traffic) can be exploited. There is no integrated framework that guarantees users real time access to their contracted "slices" of a resource even in the face of unanticipated large demands from other customers. Protection can be achieved by complete partitioning of the resources. Such partitioning is effective in that users are protected from each other but is not efficient in that resources assigned to and not used by a particular user are wasted.

In a typical resource sharing situation, as exemplified by communications and computer networks, there is a need to address three major problems; namely, the problem of controlling the access to a system or subsystem, the problem of scheduling a particular processor, and the problem of allocating discrete resources.

To help visualize the problems and solutions, we will refer to an AT&T, Inc. 5ESS® switch. FIG. 1 depicts a 5ESS® subject to the demand of multi-class traffic, represented by streams a to z. Typically, a stream bundles the requests of a particular service, which can include, for example, call setups. For instance, a stream associated with wireless service may include handover requests, location updates, etc. A given activity places demands on a number of resources such as links, processors, data bases, trunks, etc.

The 5ESS® is engineered and provisioned so that it can provide a certain grade of service subject to a certain sustained traffic mix. Basic access control mechanisms could be implemented to guarantee that no class exceeds its contractual value. Such an approach would be effective, but hardly efficient. After all, access to a class that exceeds its allocated rate should not be denied when the system is operating below capacity because other classes are below their contractual rates. Traffic variability makes this a common occurrence. It is not unlikely for a class to exceed its contractual rate, and this does not necessarily happen when all classes are demanding their full share.

The second problem, i.e., the sharing of a processor, is local in nature. It may be necessary to control the sharing of a processor in addition to the global access control. For example, a particular processor may play a critical role as a global resource. Second, different classes tax various resources differently. By its very nature, a global access mechanism has to be based on estimates of the demand of each class of every resource. Moreover, a single class may contain in itself a number of activities. Therefore, the estimate assumes a certain mix of activities, but there is no guarantee that, once a class has obtained access, it will have such a mix.

Finally, we face the problem of sharing discrete resources. An example is the contention for trunks in the 5ESS®.

U.S. Pat. No. 5,274,644 (the "'644 patent"; incorporated herein by reference) discloses several examples of methods for controlling access to a common resource, including a scheme that utilizes "tokens" to regulate access to the common resource. The '644 patent system includes a "throttle" associated with each user that regulates that user's access to the resource based on that user's access to tokens, as described below.

FIG. 2 depicts a rate control throttle for a single stream. The system can provide a desirable grade of service as long as key parameters of the traffic (arrival rate, peakedness) are kept within certain bounds. The rate control throttle guarantees that, in the long run, the admission rate in the system does not exceed a predetermined value, and shapes the traffic by limiting its peakedness. This predetermined value is used to establish a contractual admission rate "r_(i) " for each user (i=1 to N, N being the total number of users), and a peakedness related factor "L_(i) ". The mechanism consists of a bank B_(i) for each user, of finite capacity L_(i), and a source (not shown) that generates tokens at a predetermined rate r_(i). The admission mechanism works as follows:

i) Tokens are generated at rate r_(i).

ii) A freshly generated token is deposited in bank B_(i) if the number of tokens already in the bank is less that L_(i). Otherwise, the token is destroyed.

iii) An arrival from user i that finds a token in bank B_(i) is admitted into service (and the token destroyed). Otherwise, the arrival is either rejected or queued.

As shown above, the rate control throttle is an effective mechanism that can be generalized to the case of N classes of users by providing a separate bank for each class. This system is effective, but is not completely efficient. When several classes contend for a given resource, it is likely that some of them will be operating below their contractual levels. The rate at which tokens are destroyed for finding a full bank is an indication of resource underutilization (provided of course that the provisioning of resources, and the assigning of token rates is sound).

One proposal to solve the problem of underutilization, described in the '644 patent, is to add an extra bank "B₀ ", called the spare or overflow bank. As any regular bank, the overflow bank also has a limited capacity. The mechanism operates as follows (see FIG. 3):

i) Tokens corresponding to class i are generated at the contractual rate r_(i),

ii) A freshly generated class i token is deposited in bank B_(i), if the number of tokens already in B_(i) is less than L_(i). Otherwise, the token is stored in the overflow bank B₀. If the overflow bank happens to be full, the token is destroyed.

iii) A class i arrival that finds a token in bank B_(i) is admitted into service (and the token destroyed). If no token is available in bank B_(i), but the overflow bank is not empty, the class i arrival is also admitted into service (and a token is destroyed in the overflow bank). Otherwise, the class i arrival is either rejected or queued.

An article authored by Berger and Whitt, entitled "A Multi-Class Input Regulation Throttle", (Proceedings Of The 29th IEEE Conference On Decision and Control, 1990, pp. 2106-2111), examines the case in which arrivals that are not admitted are lost from the system. This article discusses exact blocking and throughput for the case of two Poisson streams, and approximate models for N>2 classes. (This article is incorporated herein by reference.)

If arrivals that are not immediately admitted are queued and the number of classes exceeds two, access rules to the overflow bank by queued jobs need to be specified.

Yet another efficient multiclass admission control algorithm, homomorphic to the rate control throttle, is the leaky bucket mechanism, also described in the '644 patent. Instead of focusing on the availability of a certain amount of a material (e.g., a token) that flows in at a fixed rate, the leaky bucket mechanism considers the availability of space in a bucket that drains at a fixed rate.

In addition to N real buffers (queues Q₁, Q₂ . . . , Q_(N)), the leaky bucket access mechanism consists of N+1 virtual buffers (leaky buckets LB₀, LB₁, . . . , LB_(N)). Each class is assigned its own queue, and its own leaky bucket. While the size of the queues is infinite, the leaky buckets have finite capacity. We denote as L_(i) the capacity of LB_(i), i=0, . . . N. The additional leaky bucket (LB₀) is common to all classes. To be admitted into the system, a class i arrival has to deposit b_(i) quanta of fluid in its own LB_(i) or in the common LB₀ if the former cannot contain the full quanta. Should the sum of the spare capacity in LB_(i) and LB₀ be less than b_(i) the arrival waits in Q_(i). Fluid originated by class i traffic is continuously deposited in bucket LB_(i), and possibly in LB₀, as space is made by the leaks as long as Q_(i) is not empty. Access within a class is granted according to the FIFO (i.e., first in first out) discipline as soon as the required quanta for the head of the line arrival has been deposited. LB_(i), i≠0 leaks at the contractual rate r_(i). When a bucket, say LB_(j), j≠0 empties, its discharge capability at rate r_(j) is immediately transferred to LB₀. As soon as fluid is deposited in LB_(j) the leak is returned to it. That is, LB₀ does not have a leak of its own.

SUMMARY OF THE INVENTION

The disadvantages of the prior art have been overcome by the present invention which features an improved resource allocation system and method.

In one aspect, the invention features a method for allocating access to a shared limited resource among a plurality of users who require access to the resource, the allocation being made such that each user is granted access to the resource at a minimum guaranteed rate associated with each user and such that the resource is available for use by any user exceeding its minimum guaranteed rate only if the resource is available, the method comprising the steps of: assigning tokens to each user at a rate determined by the minimum guaranteed rate associated with each user; storing tokens assigned to each user in a bank associated with each user, each bank having a finite capacity associated with each user; storing tokens assigned to a user whose associated bank has reached its capacity in a bank assigned to another user whose bank is below its capacity; and allowing a user requesting access to the resource to have access to the resource if the user has a predetermined number of tokens in its associated bank and otherwise denying access to the resource.

In preferred embodiments, the users are assigned different priorities and selected based on the assigned priorities.

The method further comprises the step of deleting a predetermined number of tokens from a bank associated with a user that is granted access to the resource. The predetermined number of tokens can be one token. Each bank can either have the same predetermined finite capacity, or at least two of the banks can have different capacities.

In another aspect, the invention features a method for allocating access to a shared resource, comprising the steps of: (a) establishing an incrementable counter for each of a plurality of users of the resource, the incrementable counter having a count; (b) incrementing the count in each counter established for each user at a rate associated with each user if the count is below a predefined maximum count associated with each user; (c) permitting a user requesting access to the resource to have access if the count in the counter established for the user requesting access is non-zero; and (d) incrementing the count in a counter associated with a user whose counter is below the predefined maximum count at a rate higher than its associated rate if the count in any other counter incremented in step (b) is at its predefined maximum count.

In still another aspect, the invention features a method for sharing access to a common resource among N users, where N is an integer greater than 1, comprising the steps of: assigning a rate "R_(i) " to each of the N users, the rate indicating the minimum desired access rate for the i^(th) user, where 1≦i≦N; storing an indicia "B_(i) " of the eligibility of the i^(th) user to access the common resource for each of the N users; incrementing each B_(i) at its associated rate R_(i) up to a predetermined limit L_(i) assigned to each of the N users; incrementing a selected B_(i) at a rate greater than its associated R_(i) in the event that any other B_(i) is at its associated limit L_(i), and the selected B_(i) is not at its limit L_(i) ; and allowing the i^(th) user to access the common resource if its associated B_(i) is not zero. The method preferably further includes the step of decrementing B_(i) upon the granting of access to the ith user of the resource.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a block diagram of an AT&T 5ESS® switch with multiple classes seeking access.

FIG. 2 is a diagram illustrating a prior art throttle control technique.

FIG. 3 is a block diagram illustrating a second prior art throttle control technique.

FIG. 4 is a block diagram illustrating a third prior art throttle control technique.

FIG. 5 is a block diagram illustrating an access control technique of the invention.

FIG. 6 is a block diagram illustrating a system according to the invention for controlling both access to a service among a number of segments and access to a resource among a number of services.

DETAILED DESCRIPTION OF A PREFERRED EMBODIMENT

A first embodiment of the invention features a variant of the token and leaky bucket schemes discussed above, where certain classes are able to withdraw a token from the common bank B₀ (or are allowed to deposit their quanta of fluid in LB₀) first, and use their own banks (or buckets) only when the common bank (or bucket) is full. This scheme allows the system to give priority to certain classes and allow those classes to "save" their own access to the resources for future use if there are some overflow resources that can be utilized first.

In a second embodiment, the system can eliminate the overflow bank or bucket completely and, instead, redistribute the excess tokens generated by (or leak capacity of) users operating below their contacted capacity, to certain selected users. This scheme is explained next and, for ease of explanation, it is explained only in the context of the leaky bucket analogy.

Consider the scheme illustrated in FIG. 4, where the size of the common bucket LB₀ is be made arbitrarily small, which means that the impact of the common bucket on the burstiness of the admitted stream is negligible. FIG. 4 captures a particular situation in which bucket LB₂ is empty. Therefore, its drainage capability is currently exercised on the common bucket LB₀. Also note that there are class 1 arrivals waiting in the real queue Q₁. As shown in FIG. 4 this implies that there is no room in buckets LB₀ and LB₁ to deposit the needed quanta to allow access to the system for the Class 1 arrival (thus, the class 1 arrival is waiting on Q₁).

Let the auxiliary variables Z_(n).sup.(i), i=1, 2 denote the sum of the workload in LB₀, LB_(i), and Q_(i) at arrival epoch n without counting the arrival. We will also denote Q_(i), LB_(i), and LB₀ as the amount of work in the queue and the leaky buckets. In the particular state shown in FIG. 4 Z₁ =LB₀ +LB₁ +Q₁, and Z_(n).sup.(2) =LB₀. An arrival has to wait in Q_(i) until the deposit of b_(i) quanta of fluid is completed, but fluid is leaked from buckets as long as Q_(i) >0 and LB_(i) +LB₀ -L_(i) -L₀ <0. Also note LB_(i) >0=>LB₀ =L₀. We use the index n to denote the epoch of the n^(th) arrival to the system, Δ_(n+1) for the time between epochs n and n+1, and introduce the random variables ##EQU1##

No simultaneous arrivals are allowed i.e., a_(n).sup.(i) a_(n).sup.(2) =0. To describe the evolution of the system between arrival epochs we include the workload contributed by the previous arrival, and then account for the drainage during the interval Δ_(n+1).

    Z.sub.n+1.sup.(1) =Z.sub.n.sup.(1) +a.sub.n.sup.(1) b.sub.n.sup.(1) +min(a.sub.n.sup.(2) b.sub.n.sup.(2), [L.sub.0 -Z.sub.n.sup.(2) ].sup.30)(1)

    Z.sub.n+1.sup.(2) =Z.sub.n.sup.(2) +a.sub.n.sup.(2) b.sub.n.sup.(2) +min(a.sub.n.sup.(1) b.sub.n.sup.(1), [L.sub.0 -Z.sub.n.sup.(1) ].sup.+)(2)

    Z.sub.n+1.sup.(1) =[Z.sub.n+1.sup.(1) -Δ.sub.n+1 r.sup.(1) -[Δ.sub.n+1 r.sup.(2) -Z.sub.n+1.sup.(2) +L.sub.0 ].sup.+ ].sup.+(3)

    Z.sub.n+1.sup.(2) =[Z.sub.n+1.sup.(2) -Δ.sub.n+1 r.sup.(2) -[Δ.sub.n+1 r.sup.(1) -Z.sub.n+1.sup.(1) +L.sub.0 ].sup.+ ].sup.+.(4)

Equations 1-4 highlight the impact of having the common bucket LB₀. Consider the evolution of a particular bucket, say LB₁. The negative term in equation 3 represents the contribution to the common drainage by LB₂. The latter contributes to the common drainage when Δ_(n+1) r.sup.(2), its drainage capability during the interval, exceeds its own exclusive workload Z_(n+1).sup.(2) -L₀. This common drainage capability is the distinctive feature of having L₀. On the other hand, Z_(n+1).sup.(1) is somewhat impacted by a class 2 arrival, as shown by the third term on the right side of equation 3. However, as this term shows, that impact cannot exceed L₀. Our interest is to find the cumulative distribution function (CDF) of the workload D_(n).sup.(i) in Q_(i), i=1,2 at arrival epoch n. Accordingly:

    Pr{D.sub.n.sup.(i) >x}=Pr{Z.sub.n.sup.(i) >L.sub.0 +L.sub.i +x}.(5)

Equations 1 and 2 are coupled. That is, getting the CDF of Z_(n).sup.(i), i=1,2 requires finding the joint distribution of (Z_(n).sup.(1) Z_(n).sup.(2)). Note that the dimension of the state space is 2, rather than 3, as would be if we reversed the order in making deposits to the common bucket and the own bucket. This represents a substantial simplification in the numerical procedure to compute the CDF of D_(n).sup.(i), i=1,2.

Considerable insight into the access method can be gained by comparing it to a multiclass access without a common bucket. As noted above, such a scheme is effective in terms of protection, but lacks in efficiency. We now prove the point for the particular case of two classes. To this goal consider a separate access mechanism without a common bucket subject to the same arrivals as our original system, and use bars to differentiate its variables. In particular, equations 1 and 2 reduce to

    Z.sub.n+1.sup.(i) =[Z.sub.n.sup.(i) +a.sub.n.sup.(i) b.sub.n.sup.(i) -Δ.sub.n+1 r.sup.(i) ].sup.+, i=1,2.                (6)

and equation 5 translates into

    Pr{D.sub.n.sup.(i) >x}=Pr{Z.sub.n.sup.(i) >L.sub.i +x}.    (7)

Choose L_(i) =L_(i), i=1,2, L₀ =ε, and write Z_(n).sup.(i) (ε) to emphasize the dependence of the workload on the size of the common bucket. Let ##EQU2## Set W₀.sup.(i) =Z₀.sup.(i), i=1,2. Then, for any integer n>0 the random variable W_(n).sup.(i) is

n stochastically smaller than Z_(n).sup.(i), i.e., Pr{W_(n).sup.(i) >x}≦Pr{Z_(n).sup.(i) >x} for all x≧0.

Note that as L₀ →0 the contribution of the other class to the workload of class i (equations 3 and 4) reduces to zero. However, even for L₀ 32 0 the other class contributes to the drainage of Z_(n).sup.(i) (equations 3 and 4). Therefore, in the limit, the evolution of Z_(n).sup.(i) (ε) matches that of Z_(n).sup.(i) with the addition of a non positive term.

The following corollary shows that the multi-class access controller with a common bucket outperforms the classical access controller from the point of view of access delay.

Under the conditions described above the random variable D_(n).sup.(i) is stochastically smaller than D_(n).sup.(i), i.e., Pr{D_(n).sup.(i) >x}≦Pr{D_(n).sup.(i) >x} for all x≧0.

The inequality can be rewritten Pr{W_(n).sup.(i) >L_(i) +x}≦Pr{Z_(n).sup.(i) >L_(i) +x}, which holds according to the above proposition.

As noted above, a variant to the classical leaky bucket mechanism was proposed where users probe the extra bucket LB₀ first, and deposit fluid in their own bucket if Lb₀ is full. The behavior of the proposed scheme was then compared to the standard multi-access approach. To make a consistent comparison, the size of the bucket LB₀ was set to zero. The process of doing that illuminated that the mechanism to redistribute extra capacity relies primarily on the redistribution of the leak capability, not on the extra bucket LB₀. Hence, the extra bucket is eliminated altogether, and the algorithm is modified in the following way: whenever bucket LB_(i) is empty, its capability to drain at rate r_(i) is distributed among the non-empty buckets. Two algorithms can be used to redistribute the leaks:

i) Redistribution of the excess capacity in proportion to the contractual rate. Say that LB_(z) is empty. Let A={LB_(i) :LB_(i) >0}. Then, increment the leak rate of bucket LB_(i), iεA by ##EQU3## ii) Redistribution of the excess capacity according to a priority table. Have the buckets ordered in decreasing priority order. Idle leaks go first to the head of the priority list. Only when this bucket is empty, they move to the second in the list, and so on.

These two schemes are extremes of a range that goes from a particular interpretation of fairness all the way to a discriminatory arrangement. Other possibilities include allocating the excess to the most needy bucket.

There are at least two compelling advantages to this embodiment of the invention. First, while rates relate to mean arrival rate to the system, bucket sizes are associated with the burst the system can endure. It is advantageous to have a mechanism whose worst burst equals that of assigning a standard leaky bucket per class. Second, a cleaner implementation, focused on the distribution of the excess capacity, is achieved.

System malfunctions, or external traffic not controlled by the throttle may still result in occasional system overload scenarios. While the rate control throttle is an open-loop controller, it is possible to provide a slow time-scale adaptation loop by making the set of rates {r_(i) } dependent on the status of the system.

The access controller without an extra bucket proposed above has a built-in upward adaptation mechanism of the rates to distribute extra capacity that contrasts with the closed-loop, slow time-scale downward adaptation under overload. Actually, it is quite possible that while the overall rate is decreased due to congestion caused by uncontrolled traffic the actual rates associated with some classes are increased due to the contribution of inactive users.

The preceding access control schemes can be used to control access to a group of resources at multiple levels. For example, it may be desirable to use one system to control access to a service (e.g. wireless) among a number of customers and then to use another scheme to control access among a number of different services to the resources. FIG. 5 illustrates such a system, wherein a number of segments a-z first compete for access to one of services 1-N under the control of priority segments access controllers ("PSAC") 20. Thereafter, the services compete for access to the resources 40 under the control of a multi-service access controller ("MSAC") 30. MSAC 30 preferably uses one of the access control schemes discussed above (described, for convenience, using the "token" analogy, although the leaky bucket analogy could also be used).

Each PSAC 20 controls access to its corresponding service according to the following preferred method. Referring to FIG. 6, a number of banks B₁ -B_(N) are shown, each corresponding to one of N classes of users of a system (each class corresponding to a user segment a-z). Each class's bank B_(i) receives a stream of tokens at a contractual rate of r_(i). Also associated with each class is an overflow bank O_(i). If a token generated for a particular class finds a full bank B_(i), the token is not immediately deposited in that class's overflow bank O_(i). Instead, the system first attempts to deposit the extra token in bank O_(i), representing the overflow bank of class 1, a higher priority class in this system. If overflow bank O₁ is full then the token is deposited in overflow bank O₂, and so on.

Thus, while each class is guaranteed its contractual rate, excess capacity is distributed on a priority scheme that favors certain classes.

Modifications to this scheme can be made as appropriate for the desired priority scheme to be implemented. For example, a single high priority class can be designated with each class first attempting to deposit overflow tokens to this class's overflow bank and if this overflow bank is full, then depositing excess tokens in their own overflow bank. The sizes of the overflow banks can also be modified to reflect the preferred priorities of the system.

A multi-class polling algorithm for processor sharing will now be described. Consider a processor to be shared by N users. Say that fraction f.sup.(0) of the processor real time is allocated to overhead (typically, f.sup.(O) ≈0.1 to 0.15). Overhead will be considered user 0, for a total of N+1 users.

Let f.sup.(i) denote the fraction of real time usage contracted by user i. Assume that ##EQU4## Normalization takes care of the case in which the sum of the contracted fractions plus the needed overhead f.sup.(0) is less than one. Job requests of user i are stored in buffer B_(i). Buffer B₀ is reserved for overhead work. Time is divided into slots of duration τ. The granularity is processor dependent, and the trade-offs are easy to identify: too course of a granularity gives poor control, too fine a granularity may result in unacceptable overhead.

Every τ seconds the processor has to pick up τ seconds worth of work from one of the set of buffers B={B_(i), 0≦_(i) ≦N}. The processor is scheduled in a way that: a) guarantees that every user that operates within its contractual limits receives the service it expects; b) guarantees that every user that operates above its contractual limits receives at least its contractual share; and c) the processor does not refuse service in any visit if there is work in any buffer. Note that the service discipline is not truly work conserving in that the processor may serve a buffer with less than τ seconds worth of work. Also note that as τ→0 the discipline approaches a work conserving one.

At epoch n, the control variable u_(n).sup.(i) denotes the decision in relation to buffer B_(i) : ##EQU5##

Consider a scenario in which no buffer (including B₀) ever empties. Note that ##EQU6## denotes the number of times the processor has chosen a segment from the buffer B_(i), up to, and including, epoch n. To meet the contractual fractions {f.sup.(i) } we demand that ##EQU7##

This long run average measure is a necessary but hardly a sufficient condition to meet users' expectations. We seek then to minimize the maximum deviation of the real time allocation to user i from the target as measured by ##EQU8## which can be updated recursively as

    e.sub.0.sup.(i) =0                                         (11)

    e.sub.n+1.sup.(i) =e.sub.n.sup.(i) +[f.sup.(i) -u.sub.n+1.sup.(i) ], n=0, 1, . . .                                                  (12)

Let b_(n) ^(*) denote the buffer served at epoch n, and consider the following algorithm:

i) Initialization:

    e.sub.0.sup.(i) =0 i=0, 1, . . . N,                        (13)

ii) Polling instant.

a. Polling decision: ##EQU9## (break ties with lexicographic ordering) ##EQU10## b. State update:

    e.sub.n.sup.(i) =e.sub.n-1.sup.(i) +[f.sup.(i) -u.sub.n.sup.(i) ].(15)

Accordingly, in the preferred embodiment, the polling decision at epoch n is made by selecting the largest e.sup.(i) at epoch n-1. Thus, access to the processor is granted to the user that exhibits the largest difference between its contracted share and its actual use over time. This is the most equitable method for processor sharing when all users are continuously seeking access to the processor (i.e., when user buffers never empty).

In most realistic scenarios, however, the server utilization is below 1, and buffers do empty. Also, jobs are normally sliced in segments. The length of a segment indicates the time it takes the CPU to perform the task, and it is therefore unrealistic to assume that all segments have the same duration. We now consider an alternative embodiment which takes these realistic problems into account.

Denote S_(n).sup.(i) the segment length at the head of buffer Bi at polling epoch n, and assume that there is a certain upper bound S_(max) for the length of the segments. It is illustrative to focus on two particular cases, namely, the heterogeneous overloaded, and the homogeneous not overloaded scenarios. The overloaded, heterogeneous case can easily be handled by the following simple modification of equation 15:

    e.sub.n.sup.(i) =e.sub.n-1.sup.(i) +S.sub.n.sup.(b.sbsp.n.sup.) [f.sup.(i) -u.sub.n.sup.(i) ].

That is, the modification is to weigh both the credit f.sup.(i) and the unit debit u_(n).sup.(i) by the amount of time spent by the processor serving the segment at the head of the polled buffer.

Considering the homogeneous, non-overloaded case, it is assumed that each class i is assigned the same fraction ##EQU11## of the CPU, and the segment length distribution is the same for all classes. In this scenario, a natural, fair, and indeed optimal policy according to most reasonable criteria, is the round robin algorithm, in which the server skips empty buffers.

The system proceeds when the polling buffer is empty as follows. It would be wasteful for the processor to wait for a segment to arrive, so we determine that empty buffers be skipped. The question is then how to account for the "virtual" visit to the empty buffer. One could consider not charging the empty buffer for the virtual visit, and continue giving it credit for the elapsed time. The problem with this approach is that credits accumulated by an inactive source could allow it to hog the CPU when it wakes up. A reasonable solution would be to introduce exponential smoothing in the recursion, so that more weight is put on the present than in the past. Another alternative is to distribute credit at each stage only among the active buffers. A different approach is based on the concept that the selected buffer is charged a "lost opportunity" fee for the virtual circuit.

The general process can now be stated. Recall that S_(n).sup.(i) is the segment length at the head of the buffer B_(i) at polling epoch n. Should buffer B_(i) be empty, set it to S_(i), where S_(i) is, e.g., the mean segment length of user i, and call it a virtual segment.

i. Initialization:

    e.sub.o.sup.(i) =0 i=0,1, . . . N,

    n=0.

ii. Polling instant.

a. Polling decision: ##EQU12##

(break ties with lexicographic ordering) ##EQU13##

(i can be a virtual segment, on which the processor spends no time)

b. State update:

    e.sub.n.sup.(i) =e.sub.n-1.sup.(i) +S.sub.n.sup.(b.sbsp.n.sup.) [f.sup.(i) -u.sub.n.sup.(i) ].

As noted above, even though access to the resources is regulated, it may nevertheless be desirable to regulate access to one or more particular discrete resources. A Multi-class recirculating token scheme to access discrete resources in next described.

Trunks, 3-port conference circuits and UTDs (universal tone decoders) are among the discrete resources that may need to be shared between different classes of users. By its very nature, these resources are either busy or idle. Normally, the holding time of the resource far exceeds the time needed to communicate its status. And of course, the discrete nature of the resource maps naturally into the positive integers. The following is a recirculating token scheme with a common pool.

Say that there are M units of the resource for which N users compete.

Provisioning:

i. Assign n_(i) tokens to class i bank, i=1,2, . . . N.

ii. Assign n₀ tokens to the common bank b₀, such that ##EQU14##

Each token gives access to one unit of the resource. Tokens are recirculated, not destroyed. That is, tokens are returned to the bank(s) (own bank, or common bank) they were taken from once the unit to which they granted access becomes free.

For example, assume that class i needs m≧1 units of the resource. There are three possibilities: i) it has m idle tokens of its own, in which case it gets access to the desired units in exchange for the tokens, ii) it has less than m tokens of its own, but the tokens in the common bank suffice to complete the demand, and class i proceeds as in (i), and iii) the sum of its own available tokens and the available tokens in the common bank is less than m, in which case the demand is either rejected or queued, depending on the specific design of the system.

This scheme covers a wide range of solutions, from complete partition to total sharing of the resources. It reduces to complete resource partitioning when no tokens are assigned to the common bank (n₀ =0). On the other extreme, if n₀ =N and consequently n_(i) =0, i=0), we have complete resource sharing. Complete partitioning is effective: class i is always guaranteed the simultaneous access to n_(i) units of the resource. It is not efficient, in that it can never get access to more than n_(i), even if all the remaining N-n_(i) units are idle. Complete sharing, on the other hand, handles this last scenario beautifully, but does not guarantee class i to n_(i) units at every epoch. The intermediate situation 0<n₀ <N represents a trade-off between guarantee and flexibility. To contribute to the common pool, class i will be allocated n_(i) <n_(i). The maximum number of units it can simultaneously use will vary between n_(i) and n_(i) +n₀, depending on the aggregate load on the system.

One variant of the scheme consists of giving a subset of users (high priority classes) access to the common bank before searching for tokens in their own banks. To get an exact correspondence a modification of the rule to return tokens is needed. According to this modification, tokens are always returned to the high priority bank, which overflows into the common bank. These variants indicate that in general a token recirculation policy is determined by:

a. Assignment of tokens, and token banks to the different classes.

b. Assignment of tokens to one or more shared banks.

c. A rule that grants access to the banks.

d. A rule that determines to which banks the used tokens should be returned.

There are some similarities between multi-class rate access control and the recirculating token scheme. Both approaches are explained in terms of the concept of tokens, and that of a common as well as class-specific devices (banks or pools). But there are also important differences that illuminate the distinctions between the problems they address. The closed loop nature of recirculating tokens contrasts with the open loop nature of the multi-class access control. Also, wile tokens in the former are inherently discrete, the latter admits real-valued tokens. The attributes of the token recirculating scheme stem from the crispy nature of discrete resources: a unit is either in use or idle, and this status is in most cases available in real time. On the other hand, an arrival admitted into a global system such as the one depicted in FIG. 1 is bound to consume a number of different resources in more subtle ways: it will increase the utilization of a certain processor, augment the delay in certain queues, etc. Also, its impact on these internal resources (processors, links, etc.) will take place at different points in time during the holding time of the activity associated with the arrival.

The preceding description includes illustrations of the preferred embodiments that are intended only as examples, and various other embodiments are within the scope of the appended claims. 

I claim:
 1. A method for allocating access to a shared limited resource among a plurality of users who require access to said resource, said allocation being made such that each user is granted access to said resource at a minimum guaranteed rate associated with each user and such that said resource is available for use by any user exceeding its minimum guaranteed rate only if said resource is available, said method comprising the steps of:assigning tokens to each user at a rate determined by the minimum guaranteed rate associated with each user; storing tokens assigned to each user in a bank associated with each user, each said bank having a finite capacity associated with each user; storing tokens assigned to a user whose associated bank has reached its capacity in a bank assigned to another user whose bank is below its capacity; and allowing a user requesting access to said resource to have access to said resource if said user has a predetermined number of tokens in its associated bank and otherwise denying access to said resource.
 2. The method of claim 1 wherein said users are assigned different priorities and wherein said another user is selected based on said assigned priorities.
 3. The method of claim 1 further comprising the step of deleting a predetermined number of tokens from a bank associated with a user that is granted access to said resource.
 4. The method of claim 1 wherein said predetermined number of tokens is one token.
 5. The method of claim 1 wherein each said bank has the same predetermined finite capacity.
 6. The method of claim 1 wherein at least two of said banks have a different predetermined finite capacity.
 7. A method for allocating access to a shared resource, comprising the steps of:(a) establishing an incrementable counter for each of a plurality of users of said resource, said incrementable counter having a count; (b) incrementing the count in each counter established for each user at a rate associated with each user if said count is below a predefined maximum count associated with each user; (c) permitting a user requesting access to said resource to have access if the count in the counter established for said user requesting access is non-zero; (d) incrementing the count in a counter associated with a user whose counter is below said predefined maximum count at a rate higher than its associated rate if the count in any other counter incremented in step (b) is at its predefined maximum count.
 8. The method of claim 7 wherein said users are assigned different priorities and wherein said user selected in step (d) is selected based on said assigned priorities.
 9. The method of claim 7 further comprising the step of decrementing the count in the counter established for a user requesting access if said user requesting access is granted access to said resource.
 10. The method of claim 7 wherein each said user has the same associated predefined maximum count.
 11. The method of claim 7 wherein at least two of said users have a different predefined maximum count.
 12. A method for sharing access to a common resource among N users, where N is an integer greater than 1, comprising the steps of:assigning a rate "R_(i) " to each of said N users, said rate indicating the minimum desired access rate for the i^(th) user, where 1≦i≦N; storing an indicia "B_(i) " of the eligibility of the i^(th) user to access said common resource for each of said N users; incrementing each B_(i) at its associated rate R_(i) up to a predetermined limit L_(i) assigned to each of said N users; incrementing a selected B_(i) at a rate greater than its associated R_(i) in the event that any other B_(i) is at its associated limit L_(i), and said selected B_(i) is not at its limit L_(i) ; and allowing the i^(th) user to access said common resource if its associated B_(i) is not zero.
 13. The method of claim 12 further comprising the step of decrementing B_(i) upon the granting of access to the ith user of said resource.
 14. The method of claim 12 wherein said users are assigned different priorities and wherein said selected B_(i) is selected based on said assigned priorities.
 15. The method of claim 12 wherein each said user's associated limit L_(i) has the same value.
 16. The method of claim 12 wherein at least two of said user's associated limits L_(i) have different values. 